Linux Kernel Reference Leak Vulnerability in DRA7 ATL Clock Driver

A reference leak vulnerability has been identified in the Linux kernel's DRA7 ATL clock driver. This issue arises because the 'pm_runtime_get_sync()' function, which increments the power management usage counter, is not properly balanced with a corresponding 'pm_runtime_put_sync()' in certain error handling paths. As a result, failing to release the incremented counter creates a reference leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to a reference leak, where power management usage counters are not properly decremented, potentially causing issues in resource management and device power states.

Reproduction

The vulnerability can be reproduced by loading a platform device that uses the DRA7 ATL clock driver and triggering an error condition that is not properly handled. This will cause the 'pm_runtime_get_sync()' to be called without a matching 'pm_runtime_put_sync()', leading to a reference leak.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the kernel to apply the fix.